MeSince Certificate Database Services

1. Open API for Public Key Searching

2. Open API for Public Key Submitting

1. Open API for Public Key Searching

At present, all kinds of bank statement, water and electricity bills, telecom bills, social security record, insurance contract, traffic violation penalty bill, e-government notice, all kinds of service renewal notice etc. are sent to the user's email in plain text. These messages contain a lot of confidential information, and these plain text emails are very easy to be illegally stolen, and thus expose the user's personal privacy information, and even leads to personal property losses.

And, because the email sender's name and email address can be forged, which makes the counterfeit emails of banks, telecommunications, government and other institutions flood, many users can't identify fake and fraudulent emails and cause them to be fooled, and loss of money and reputation. This has become an incurable problem.

This MeSince® Open API is to provide an open interface for the sending the billing emails using encrypted emails to protest the private and sensitive information in the billing email. The service provider can get its customer's email's public key certificate for email encryption from MeSince CerDB through API, then the service provider can send the encrypted bill or statement to its customer securely, to ensure that the customer's confidential information will not be illegally stolen and protect the user's confidential information security. If the bill is a PDF file, it is recommended to use the service operator's identity certificate to digitally sign the PDF file to let the customer believe this bill is truly issued by the service provider.

This MeSince® Open API also provides an interface for checking if a user’s email is using MeSince or if this email has encryption certificate, if it is not used or no any encrypting certificate. If the API return NO, then service provider shall send an unencrypted email to the user before sending the encrypted billing email to inform the user how to download and install MeSince® to receive the encrypted billing emails.

This MeSince® Open API can also be used to send all kind of verification code by encrypted email in place of the normal SMS, because the SMS sent verification code is easy to be illegally stolen now. The NIST clearly point out the Threat in SP 800-63B "Digital Identity Guidelines - Authentication and Lifecycle Management", "A malicious app on the endpoint reads an out-of-band secret sent via SMS and the attacker uses the secret to authenticate.", and this SP plan to make special restrict to use the SMS to send the verification code in the future.

This MeSince® Open API changed the way of sending verification code - sending the verification code by encrypted email, this meet the request of NIST SP. For instance, if the Internet banking payment needs to send verification code to users by SMS, the verification code can be sent by encrypted email, no any malicious APP can get the encrypted verification code. This method is not only secure and reliable, but also save the SMS cost. This secure way to send a verification code can be used for various application scenarios where it is necessary to send verification code by SMS. It's secure and can save money, and meanwhile resolves the issue that users cannot receive the SMS due to the problem that the mobile phone number is no longer in use.

This MeSince® Open API can also be used to provide customers service by using encrypted email. Users only need to send encrypted email to the designated customer service email address, and then the service provider can provide the service by encrypted email. This innovative service mode is not only secure and efficient with low customer service cost (telephone service cost is high), but also addresses the problem that users cannot upload screenshots or product images when making a phone call. Since the email sent by the user is digitally signed with timestamp and encrypted, it can not only prove the real identity of the user and protect the privacy of the user but also ensure that the evidence or commitment provided by the user is legal, The Electronic Signature related law guarantees that the digital signature is equal to the handwritten signature and/or the company seal.

Of course, the service provider can ask the user to complete the real identity verification, it is verified in Internet banking case, this can be done by the service provider itself or by MeSince. In fact, it is an effective way to send users email with digital signature to prevent fraudulent email, one Germany bank as early as 2006 has been using the email digital signature technology. It would be the safest and most efficient way of communicating with customers to send encrypted email with digital signature using MeSince® Open API.

The API for Public Key Searching is also opened to other email client to help them get rid of the public key exchanging step in sending encrypted emails.

For Public Key Searching API integration, please contact us. You can use the API after one work day process.

2. Open API for Public Key Submitting

MeSince maintains a global public key certificate database (CerDB), where all CAs, email clients and all email users can submit public keys through API or website, so that others can send encrypted email to them and getting rid of the public key exchanging step.

CAs and email client software developers can contact us, and integrate the API after one work day process.

Individual users are welcomed to submit their public keys or others public keys here later soon.